Re: [tor-talk] Making TOR exit-node IP address configurable

On Wed, 09 Mar 2011 23:29:16 +0100
"Fabio Pietrosanti (naif)" <lists@xxxxxxxxxxxxxxx> wrote:

> On 3/9/11 11:20 PM, Robert Ransom wrote:
> > Try running "man tor |grep -C5 OutboundBindAddress".
> You didn't get the technical need, the need is to redirect only TOR-exit
> traffic.
> OutboundBindAddress makes *all*, including intra-tor, communications go
> through that IP address:
> "Make all outbound connections originate from the IP address specified.
>  This is only useful when you have multiple network interfaces, and  you
>  want all of Tor's outgoing connections to use a single one."
> I've been thinking about a setting for TOR-Exit only traffic.
> > 
> > But I'm not surprised that someone who wants to perform content
> > censorship on a Tor exit node is too clueless to find that Tor
> > configuration option, or to find out that iptables can apply different
> > rules to the user ID under which Tor is running.
> Yes but that's more complex, with iptables you can redirect TCP ports,
> but from your TOR node not all traffic going for example to port 80 is
> http, but a lot of it is TOR.
> If you redirect it to a transparent proxy you'll break intra-tor
> communications, and so you can't just make an easy redirect with iptables.

Ah!  Now I get it.  You want to censor non-HTTP connections on port 80,
and probably Google searches for "Robert'); DROP TABLE Students;--" (a
quote from one popular web comic) as well.

I've opened a relevant enhancement ticket.  See

Robert Ransom

